On Thu, 2011-03-10 at 20:28 -0500, Jeff Garzik wrote: > On 03/10/2011 06:13 PM, James Bottomley wrote: > > I think this stems from a misunderstanding of how the ata error handler > > works. ata_scsi_cmd_error_handler() gets called with a passed in list > > of commands to handle. However, that list may still not be empty when > > it exits. The command ata_scsi_port_error_handler() must be called > > (which takes no list) before the list will be completely emptied. This > > bites the sas error handler because the two are called from different > > functions and the original list has gone out of scope before > > ata_scsi_port_error_handler() is called. leading to some commands > > dangling on bare stack, which is a potential memory corruption issue. > > Fix this by manually deleting all outstanding commands from the on-stack > > list before it goes out of scope. > > Good catch... I cannot tell a lie: it was the list debugger code that told me something was wrong ... I just looked at it to see what the problem was. James -- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html